
Enable Private Nodes

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that your Google Kubernetes Engine (GKE) clusters are configured to provision all nodes with only internal IP addresses (i.e., private nodes). This prevents external clients from accessing the nodes and prevents the nodes from having direct access to the Internet.

Security

Disabling public IP addresses on Google Kubernetes Engine (GKE) cluster nodes enhances security by limiting external access and Internet connectivity, requiring attackers to first gain local network access in order to compromise the underlying hosts.


Audit

To determine if your Google Kubernetes Engine (GKE) clusters are configured to provision private nodes only, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Kubernetes Engine console available at https://console.cloud.google.com/kubernetes.

04 In the left navigation panel, under Resource Management, choose Clusters and select the OVERVIEW tab to access the list of GKE clusters provisioned for the selected GCP project.

05 Click on the name (link) of the GKE cluster that you want to examine.

06 Select the DETAILS tab to view the configuration information available for the selected cluster.

07 In the Default New Node-Pool Configuration section, check the Private Nodes attribute value to determine if the selected cluster deploys private nodes. If Private Nodes is set to Disabled, the selected Google Kubernetes Engine (GKE) cluster is not configured to provision node pools with private nodes only.

08 Repeat steps no. 5 – 7 for each GKE cluster provisioned within the selected GCP project.

09 Repeat steps no. 2 – 8 for each GCP project deployed in your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom output filters to list the ID of each GCP project available in your Google Cloud account:

gcloud projects list \
	--format="table(projectId)"

02 The command output should return the requested GCP project IDs:

PROJECT_ID
cc-web-project-123123
cc-dev-project-112233

03 Run container clusters list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom output filters to describe the name and the region of each GKE cluster provisioned for the selected project:

gcloud container clusters list \
	--project cc-web-project-123123 \
	--format="table(name,zone)"

04 The command output should return the requested cluster names and their regions:

NAME                     ZONE
cc-gke-backend-cluster   us-central1
cc-gke-frontend-cluster  us-central1

05 Run container clusters describe command (Windows/macOS/Linux) with the name of the GKE cluster that you want to examine as the identifier parameter and custom output filters to determine if the selected GKE cluster is configured to deploy node pools with private nodes:

gcloud container clusters describe cc-gke-backend-cluster \
	--region=us-central1 \
	--format="json(networkConfig.defaultEnablePrivateNodes)"

06 The command output should return the private nodes configuration status for default new node pools. If "defaultEnablePrivateNodes" is set to true, the selected cluster can provision private nodes:

{
	"networkConfig": {
		"defaultEnablePrivateNodes": false
	}
}

If the container clusters describe command output returns null, the selected Google Kubernetes Engine (GKE) cluster is not configured to provision node pools with private nodes only. If the command output returns false for the "defaultEnablePrivateNodes" configuration attribute, as shown in the example above, the selected GKE cluster cannot deploy node pools with private nodes.

07 Repeat steps no. 5 and 6 for each GKE cluster provisioned for the selected GCP project.

08 Repeat steps no. 3 – 7 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To ensure that your Google Kubernetes Engine (GKE) clusters are configured to provision private nodes only, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

03 Navigate to Kubernetes Engine console available at https://console.cloud.google.com/kubernetes.

04 In the left navigation panel, under Resource Management, choose Clusters and select the OVERVIEW tab to access the list of GKE clusters deployed for the selected GCP project.

05 Click on the name (link) of the GKE cluster that you want to configure.

06 Select the DETAILS tab to view the configuration information available for the selected cluster.

07 In the Default New Node-Pool Configuration section, click on the Edit Private Nodes button (i.e., pencil icon) available next to Private Nodes to modify the feature settings.

08 Inside the Edit Private Nodes configuration box, check the Enable Private nodes setting checkbox, and choose SAVE CHANGES to apply the configuration changes. This will enable the selected GKE cluster to provision nodes with only internal IP addresses (i.e., private nodes), which prevents external clients from accessing the cluster nodes.

09 Repeat steps no. 5 – 8 for each GKE cluster that you want to configure, created for the selected GCP project.

10 Repeat steps no. 2 – 9 for each GCP project available in your Google Cloud account.

Using GCP CLI

01 Run container clusters update command (Windows/macOS/Linux) with the name of the Google Kubernetes Engine (GKE) cluster that you want to configure as the identifier parameter, to configure the selected GKE cluster to provision node pools with private nodes only. This will enable private nodes as the default behavior for all newly created node pools within the cluster; node pools that already exist keep their current setting and must be updated separately. The --enable-ip-alias parameter is required when using --enable-private-nodes. --enable-ip-alias enables VPC-native networking, which provides a more secure and efficient way to manage and communicate with private nodes within the cluster:

gcloud container clusters update cc-gke-backend-cluster \
	--region=us-central1 \
	--enable-private-nodes \
	--enable-ip-alias

02 The command output should return the full URL of the modified GKE cluster:

Updating cc-gke-backend-cluster... done.
Updated [https://container.googleapis.com/v1/projects/cc-web-project-123123/zones/us-central1/clusters/cc-gke-backend-cluster].

03 Repeat steps no. 1 and 2 for each GKE cluster that you want to configure, available within the selected GCP project.

04 Repeat steps no. 1 – 3 for each GCP project deployed in your Google Cloud account.
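As an added example (not code from the Conformity page or from Google), the following Python script automates the CLI Audit sweep above and prints the Remediation update command for each cluster that fails the check. It assumes an authenticated gcloud on PATH, and it passes --location instead of the page's --region so zonal clusters are covered as well.

```python
"""Added example: audit GKE private nodes across projects and print remediation commands."""
import json
import subprocess
from typing import Optional

COMPLIANT = "compliant"
NON_COMPLIANT = "non-compliant"


def gcloud_json(*args: str) -> object:
    """Run a gcloud command with --format=json and return the parsed output (None if empty)."""
    proc = subprocess.run(["gcloud", *args, "--format=json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout) if proc.stdout.strip() else None


def evaluate_private_nodes(describe_output: Optional[dict]) -> str:
    """Apply the Audit rule to parsed `clusters describe` output: only an explicit
    true under networkConfig.defaultEnablePrivateNodes is compliant; false, an
    absent attribute and a null output all mean the cluster cannot provision
    private nodes."""
    if not describe_output:
        return NON_COMPLIANT
    network = describe_output.get("networkConfig") or {}
    return COMPLIANT if network.get("defaultEnablePrivateNodes") is True else NON_COMPLIANT


def remediation_command(cluster: str, location: str) -> list:
    """Build the Remediation update command; --location (assumed here, the page
    uses --region) takes a zone or a region, so zonal clusters work as well."""
    return ["gcloud", "container", "clusters", "update", cluster,
            f"--location={location}", "--enable-private-nodes", "--enable-ip-alias"]


def audit_project(project: str) -> list:
    """Return (cluster, location, status) for every GKE cluster in a project."""
    findings = []
    for cluster in gcloud_json("container", "clusters", "list", f"--project={project}") or []:
        name, location = cluster["name"], cluster["location"]
        detail = gcloud_json("container", "clusters", "describe", name,
                             f"--project={project}", f"--location={location}")
        findings.append((name, location, evaluate_private_nodes(detail)))
    return findings


if __name__ == "__main__":
    for project in gcloud_json("projects", "list") or []:
        pid = project["projectId"]
        for name, location, status in audit_project(pid):
            print(f"{pid}\t{name}\t{location}\t{status}")
            if status == NON_COMPLIANT:
                print("  remediate: " + " ".join(remediation_command(name, location)))
```

The script only reports and prints the update command; nothing is changed until you run that command yourself.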


Publication date Dec 3, 2024